At the hacking competition Pwn2own last week, security researchers have hacked Mozilla’s Web browser Firefox four times. With the update scheduled for this week on Firefox 28.0, the Mozilla developers have closed the exploited security holes – and 18 more. More than half of the vulnerabilities are also related to the Thunderbird mail program and are now being released in its new version 24.4.0
The descriptions of the 22 security holes closed in Firefox have distributed Mozilla to 18 security messages. Five of these "security advisories" deal with critical gaps, including the four exploited at Pwn2own. Two other vulnerabilities affect only Firefox for Android, which is also available in the corrected version 28.0.
One of the few innovations in Firefox 28 is the support of the video codec VP9 and the audio code Opus for WebM videos. If a Web page uses the new HTML-5 functions to play a video or audio file, Firefox 28 (Download) displays a volume control. On Mac OS X, Firefox is now using Apple's messaging center.
The mail program Thunderbird 24.4.0 (download) fixes 14 security gaps. These are the same vulnerabilities as in Firefox, as far as Thunderbird is concerned. In the web suite Seamonkey the same exploitable quirks as in Firefox. However, the new version of Seamonkey 2.25, which is intended to plug these holes, is not yet available. The ESR version 24.4 of Firefox (Extended Support Release) is already available. They are missing the new functions since the Firefox version 24.0 - only the security gaps are closed. There is no separate ESR version for Thunderbird.
No comments:
Post a Comment